SERVER-32410 Validate User::CredentialData during auth

2 files changed, 15 insertions, 4 deletions

diff --git a/src/mongo/crypto/mechanism_scram.cpp b/src/mongo/crypto/mechanism_scram.cpp
index df290cb6fa5..d0dc5965c99 100644
--- a/src/mongo/crypto/mechanism_scram.cpp
+++ b/src/mongo/crypto/mechanism_scram.cpp
@@ -202,6 +202,10 @@ bool verifyClientProof(StringData clientProof, StringData storedKey, StringData
     SHA1Block computedStoredKey =
         SHA1Block::computeHash(clientSignature.data(), clientSignature.size());
 
+    if (storedKey.size() != computedStoredKey.size()) {
+        return false;
+    }
+
     return consttimeMemEqual(reinterpret_cast<const unsigned char*>(storedKey.rawData()),
                              computedStoredKey.data(),
                              computedStoredKey.size());
diff --git a/src/mongo/crypto/mechanism_scram.h b/src/mongo/crypto/mechanism_scram.h
index 97875394df1..25afe543bbb 100644
--- a/src/mongo/crypto/mechanism_scram.h
+++ b/src/mongo/crypto/mechanism_scram.h
@@ -54,15 +54,22 @@ const std::string serverKeyFieldName = "serverKey";
  */
 struct SCRAMPresecrets {
     SCRAMPresecrets(std::string hashedPassword,
-                    std::vector<std::uint8_t> salt,
-                    size_t iterationCount)
+                    std::vector<std::uint8_t> salt_,
+                    size_t iterationCount_)
         : hashedPassword(std::move(hashedPassword)),
-          salt(std::move(salt)),
-          iterationCount(iterationCount) {}
+          salt(std::move(salt_)),
+          iterationCount(iterationCount_) {
+        uassert(ErrorCodes::BadValue,
+                "Invalid salt for SCRAM mechanism",
+                salt.size() >= kSaltLengthMin);
+    }
 
     std::string hashedPassword;
     std::vector<std::uint8_t> salt;
     size_t iterationCount;
+
+private:
+    static const size_t kSaltLengthMin = 16;
 };
 
 inline bool operator==(const SCRAMPresecrets& lhs, const SCRAMPresecrets& rhs) {